面向中小企业需求的基于威胁的网络安全风险评估方法

Proceedings of the 16th International Conference on Availability, Reliability and Security Pub Date : 2021-08-16 DOI:10.1145/3465481.3469199

Max van Haastrecht, I. Sarhan, Alireza Shojaifar, Louis Baumgartner, Wissam Mallouli, M. Spruit

{"title":"面向中小企业需求的基于威胁的网络安全风险评估方法","authors":"Max van Haastrecht, I. Sarhan, Alireza Shojaifar, Louis Baumgartner, Wissam Mallouli, M. Spruit","doi":"10.1145/3465481.3469199","DOIUrl":null,"url":null,"abstract":"Cybersecurity incidents are commonplace nowadays, and Small- and Medium-Sized Enterprises (SMEs) are exceptionally vulnerable targets. The lack of cybersecurity resources available to SMEs implies that they are less capable of dealing with cyber-attacks. Motivation to improve cybersecurity is often low, as the prerequisite knowledge and awareness to drive motivation is generally absent at SMEs. A solution that aims to help SMEs manage their cybersecurity risks should therefore not only offer a correct assessment but should also motivate SME users. From Self-Determination Theory (SDT), we know that by promoting perceived autonomy, competence, and relatedness, people can be motivated to take action. In this paper, we explain how a threat-based cybersecurity risk assessment approach can help to address the needs outlined in SDT. We propose such an approach for SMEs and outline the data requirements that facilitate automation. We present a practical application covering various user interfaces, showing how our threat-based cybersecurity risk assessment approach turns SME data into prioritised, actionable recommendations.","PeriodicalId":417395,"journal":{"name":"Proceedings of the 16th International Conference on Availability, Reliability and Security","volume":"39 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"A Threat-Based Cybersecurity Risk Assessment Approach Addressing SME Needs\",\"authors\":\"Max van Haastrecht, I. Sarhan, Alireza Shojaifar, Louis Baumgartner, Wissam Mallouli, M. Spruit\",\"doi\":\"10.1145/3465481.3469199\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cybersecurity incidents are commonplace nowadays, and Small- and Medium-Sized Enterprises (SMEs) are exceptionally vulnerable targets. The lack of cybersecurity resources available to SMEs implies that they are less capable of dealing with cyber-attacks. Motivation to improve cybersecurity is often low, as the prerequisite knowledge and awareness to drive motivation is generally absent at SMEs. A solution that aims to help SMEs manage their cybersecurity risks should therefore not only offer a correct assessment but should also motivate SME users. From Self-Determination Theory (SDT), we know that by promoting perceived autonomy, competence, and relatedness, people can be motivated to take action. In this paper, we explain how a threat-based cybersecurity risk assessment approach can help to address the needs outlined in SDT. We propose such an approach for SMEs and outline the data requirements that facilitate automation. We present a practical application covering various user interfaces, showing how our threat-based cybersecurity risk assessment approach turns SME data into prioritised, actionable recommendations.\",\"PeriodicalId\":417395,\"journal\":{\"name\":\"Proceedings of the 16th International Conference on Availability, Reliability and Security\",\"volume\":\"39 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-08-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 16th International Conference on Availability, Reliability and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3465481.3469199\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 16th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3465481.3469199","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 8

摘要

如今，网络安全事件屡见不鲜，而中小企业尤其容易受到攻击。中小企业缺乏可用的网络安全资源，这意味着它们应对网络攻击的能力较弱。中小企业提高网络安全的动机往往较低，因为驱动动机的前提知识和意识普遍缺失。因此，旨在帮助中小企业管理网络安全风险的解决方案不仅应该提供正确的评估，还应该激励中小企业用户。根据自我决定理论(SDT)，我们知道，通过提升感知到的自主性、能力和相关性，人们可以被激励去采取行动。在本文中，我们解释了基于威胁的网络安全风险评估方法如何帮助解决SDT中概述的需求。我们为中小企业提出了这样的方法，并概述了促进自动化的数据需求。我们展示了一个涵盖各种用户界面的实际应用，展示了我们基于威胁的网络安全风险评估方法如何将中小企业数据转化为优先的、可操作的建议。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A Threat-Based Cybersecurity Risk Assessment Approach Addressing SME Needs

Cybersecurity incidents are commonplace nowadays, and Small- and Medium-Sized Enterprises (SMEs) are exceptionally vulnerable targets. The lack of cybersecurity resources available to SMEs implies that they are less capable of dealing with cyber-attacks. Motivation to improve cybersecurity is often low, as the prerequisite knowledge and awareness to drive motivation is generally absent at SMEs. A solution that aims to help SMEs manage their cybersecurity risks should therefore not only offer a correct assessment but should also motivate SME users. From Self-Determination Theory (SDT), we know that by promoting perceived autonomy, competence, and relatedness, people can be motivated to take action. In this paper, we explain how a threat-based cybersecurity risk assessment approach can help to address the needs outlined in SDT. We propose such an approach for SMEs and outline the data requirements that facilitate automation. We present a practical application covering various user interfaces, showing how our threat-based cybersecurity risk assessment approach turns SME data into prioritised, actionable recommendations.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 16th International Conference on Availability, Reliability and Security

自引率

0.00%

发文量